In this chapter, we will look at incident response, particularly the collection of volatile evidence for forensic analysis.
We will cover the following exam objectives in this chapter:
- Using the appropriate software tools to assess the security posture of an organization, given a scenario: Coverage here will include protocol analyzers, network scanners, rogue system detection, network mapping, wireless scanners/crackers, password crackers, vulnerability scanners, configuration compliance scanners, exploitation frameworks, data sanitization tools, steganography tools, honeypot, backup utilities, banner grabbing, command-line tools, ping, netstat, tracert, nslookup/dig, ARP, ipconfig/ip/ifconfig, tcpdump, Nmap, and Netcat.
- Analyzing and interpreting the output from security technologies, given a certain scenario: Here we will...